A security vulnerability in the Java Runtime Environment with verifying
HMAC digests may allow authentication to be bypassed. This could allow
a user to forge a digital signature that would be accepted as valid.
Applications that validate HMAC-based digital signatures may be
vulnerable to this type of attack.